Dokploy 操作系统命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.26.6 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from insufficient cleanup of the appName parameter input, lack of pattern validation, and dire...

MongoDB Server 日志信息泄露漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server related to log information leakage,...

Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Summary The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to Python's re.search without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs tha...

ajv: ReDoS via $data reference

A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS Regular Expression Denial of...

CVE-2026-32770 Parse Server: LiveQuery subscription with invalid regular expression crashes server

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.19 and 8.6.43, a remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the...

Parse Server LiveQuery subscription with invalid regular expression crashes server

Impact A remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the invalid pattern reaches the regex engine during subscription matching, causing denial of service for all connected clients. Patches...

Improper pattern file validation in i-FILTER optional feature 'Anti-Virus & Sandbox'

Overview The optional feature 'Anti-Virus & Sandbox' of i-FILTER provided by Digital Arts Inc. validates pattern files improperly. Improper pattern file validation CWE-348 - CVE-2025-47149 Digital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC...

Credential Exposure

gradio is vulnerable to Credential Exposure. The vulnerability is caused by a lack of strict pattern validation in determining network or file paths in the startswithprotocol function, which can lead to the exposure of sensitive information through incorrect interpretation of network or file path...

Android Qualcomm Component Denial of Service Vulnerability (CNVD-2016-06205)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA in the U.S. Qualcomm is one of the Qualcomm components used in Qualcomm devices. A security vulnerability exists in the rivers/media/video/msm/msmmctlbuf.c file in the Qualcomm...